Exploiting ECDSA Failures in the Bitcoin Blockchain

Bitcoin dev IRC meeting in layman's terms (2016-01-28)

Once again my attempt to summarize and explain the weekly bitcoin developer meeting in layman's terms. Link to last summarisation
Disclaimer
Please bear in mind I'm not a developer so some things might be incorrect or plain wrong. There are no decisions being made in these meetings, but since a fair amount of devs are present it's a good representation. Copyright: Public domain

Logs

Main topics

Short topics

ajtowns has written some functional test scripts for OP_CSV which will be helpful for testing #7184(BIP 68) and #6564(BIP 112)

Refactoring window

background

jtimon asks when exactly this is and what it entails. Refactoring is moving code around to specific libraries or files to make things easier to read and to safely change parts of the code without affecting other parts. Mainly these will be moves to facilitate libconsensus, the part that will hold all the consensus-critical code.

meeting comments

Wumpus is fine with starting to merge moveonly stuff. The refactors might interfere with segregated witness, however waiting for it might cause the refactor window for 0.13 to be missed.

meeting conclusion

Refactor window is from now till -undecided-. Review #7091, #7287, #7310 and #7311.

outstanding issues for 0.12.0

background

Bitcoin Core 0.12 is scheduled for release around February and introduces a lot of fixes and improvements. (release notes) There's a release candidate 0.12rc2 available at https://bitcoin.org/bin/bitcoin-core-0.12.0/test/

meeting comments

We need to sign the win32 release with a new key for win7+ as the current key uses sha-1 which is broken. There's still some controversy about how the changes for priority should be noted in the release notes, e.g. #7346. gmaxwell points out we never did anything about the issues with localhost being whitelisted, which might cause issues with the new automatic hidden service creation. This issue was raised in the 2015/12/03 meeting.

meeting conclusion

There will be a new key; if it takes too long to get it, someone else can sign it this time. gmaxwell will change #7082 to only remove the privileging of localhost. The rest of the PR can be done for 12.1/0.13.

how does this new "critical" OpenSSL release affect us

background

There's a new openSSL release which fixes some security issues. https://mta.openssl.org/pipermail/openssl-announce/2016-January/000061.html Question is if and how this affects bitcoin. Since 0.12 bitcoin-core uses their own libsecp256k1 for ECDSA signature verification instead of openSSL.

meeting comments

BIP70 (Payment Protocol) might be affected. The parts of core that still depend on openSSL are entropy, AES (wallet) and BIP70. There's a plan to replace openSSL for entropy with fortuna (built by sipa and gmaxwell), which needs to be built into a separate library. There are many complications in making a safe random number generator; first among them is fork detection (fork = a unix operation which duplicates the entire process state, which will lead to reuse of random numbers). Wumpus notes openSSL has the same issues and we only have to be better than openSSL; also bitcoin never forks, so the problem is mainly for other applications using the library. It would be good if this was an effort which included non-bitcoin users (e.g. mailinglist & tor).

meeting conclusion

Long term goal is leaving openSSL only for BIP70.

Participants

wumpus: Wladimir J. van der Laan
jonasschnelli: Jonas Schnelli
gmaxwell: Gregory Maxwell
petertodd: Peter Todd
jtimon: Jorge Timón
cfields: Cory Fields
btcdrak: btcdrak
Luke-Jr: Luke Dashjr
paveljanik: Pavel Janik
maaku: Mark Friedenbach

Comic relief

19:47 wumpus note also that bitcoin never forks
19:48 wumpus gmaxwell: just add a disclaimer 'not fork safe'
19:48 jonasschnelli 'not fork safe'? HF or SF....
19:48 jonasschnelli

submitted by G1lius to Bitcoin

How to convert 65 char private key to WIF compressed 52 char base 58?

I recently used a utility to search my old HD's for private keys. It worked well. The utility (https://www.makomk.com/gitweb/?p=bitcoin-wallet-recover.git) spit out a list of 209 public and private keys, for example (not real numbers)
    $ sudo ./wallet-recover /dev/sdg recovered-wallet.dat
    pubkey_comp = 0297699ca958ada8e31cfc180b46a8b5db95dfbed9d16d4ca82ad2265dc0e97d26
    privkey = de0f5a37ba4b69096385b00655f7f2d55bc114c3051993f24d2d46926ca05ad8
So, I now have these private keys, and supposedly they are also in recovery_wallet.dat. However, the old bitcoin client (v0.7.0) seems to only recognize one address and using "importprivkey" in the console reports an error when I try to manually import these private keys.
These found keys are valid, as I am able to test them in https://www.bitaddress.org and then test the resulting address in blockchain.info.
These keys seem to be ASCII string of hexadecimal of the 256-bit ECDSA private key.
My problem is, I need to now convert these 64 character private keys to something I can import, like the WIF format.
I have this little script to convert to base58check
    #!/bin/bash
    export PRIV_KEY=${1}
    export VER=ef
    echo ${VER}${PRIV_KEY} -n | xxd -r -p | openssl dgst -sha256 -binary | openssl dgst -sha256 > tmp
    export R=`cat tmp|awk '{print $2}'`
    echo ${R} | perl -p -e 's/^(........).*/$1/gmi' > tmp
    export CHECKSUM=`cat tmp`
    export PRE=`echo ${VER}${PRIV_KEY}${CHECKSUM}`
    echo ${PRE}
This script tests ok when comparing to https://bitcointalk.org/index.php?topic=1801519.0
The output number is in a WIF format, but, when I go to Electrum and create a new wallet with "import private keys", Electrum does not recognize the number :/
I can't seem to create any number from the private keys that can be imported. What DOES work is if I go to http://bitaddress.org, enter the private key, then cut the new "Private Key WIF Compressed 52 characters base58" they make...
So, the question is... HOW DO I MAKE A "PRIVATE KEY WIF COMPRESSED 52 CHAR BASE 58" STRING FROM THE PRIVATE KEY THE SCRAPER FOUND?
I know I can cut and paste hundreds, thousands, of private keys into bitaddress.org, but I'm hoping someone here knows how to do it programmatically, like, a utility or an algo or something.
Thanks
submitted by duncan_stroud to Bitcoin


"By placing a probe near a mobile device while it performs cryptographic operations, an attacker can measure enough electromagnetic emanations to fully extract the secret key that authenticates the end user's data or financial transactions."

This is an automatic summary, original reduced by 71%.
Researchers have devised an attack on Android and iOS devices that successfully steals cryptographic keys used to protect Bitcoin wallets, Apple Pay accounts, and other high-value assets.
"An attacker can non-invasively measure these physical effects using a $2 magnetic probe held in proximity to the device, or an improvised USB adapter connected to the phone's USB cable, and a USB sound card," the researchers wrote in a blog post published Wednesday.
While the researchers stopped short of fully extracting the key on a Sony-Ericsson Xperia x10 Phone running Android, they said they believe such an attack is feasible.
CoreBitcoin developers told the researchers they plan to replace their current crypto library with one that's not susceptible to the attack.
The researchers said they reported the vulnerability to OpenSSL maintainers, and the maintainers said that hardware side-channel attacks aren't a part of their threat model.
At the moment, the attack would require a hacker to have physical possession of, or at least have a cable or probe in close physical proximity to, a vulnerable mobile device while it performed enough operations to measure "a few thousand ECDSA signatures." The length of time required would depend on the specific application being targeted.
submitted by autotldr to autotldr



ECDSA signatures inside Bitcoin transactions now use validation using libsecp256k1 instead of OpenSSL. Depending on the platform, this means a significant speedup for raw signature validation speed. The advantage is largest on x86_64, where validation is over five times faster. In practice, this translates to a raw reindexing and new block validation times that are less than half of what it ...

Public key + Private key: a wallet. The address: hash ( public key ) 1DY5YvRxSwomrK7nELDZzAidQQ6ktjRR9A

Digital signatures are considered the foundation of online sovereignty. The advent of public-key cryptography in 1976 paved the way for the creation of a global communications tool – the Internet, and a completely new form of money – Bitcoin. Although the fundamental properties of public-key cryptography have not changed...

The range is governed by the secp256k1 ECDSA encryption standard used by Bitcoin.

Wallet Import Format (WIF)

In order to make copying of private keys less prone to error, Wallet Import Format may be utilized. WIF uses base58Check encoding on a private key, greatly decreasing the chance of copying error, much like standard Bitcoin addresses. Take a private key. Add a 0x80 byte in front of it ...

By message I mean any data from text to binary that needs to be authenticated. Specifically, Bitcoin clients produce signatures to authenticate their transactions, whereas miners verify such signatures to authorize an.
